CVE-2007-2506

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
Configurations

Configuration 1

cpe:2.3:a:progress:progress:9.1e:*:*:*:*:*:*:*
cpe:2.3:a:progress:webspeed:3.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:webspeed:3.1d:*:*:*:*:*:*:*
cpe:2.3:a:progress:webspeed:3.1a:*:*:*:*:*:*:*
cpe:2.3:a:progress:webspeed:3.1e:*:*:*:*:*:*:*

Information

Published : 2007-05-04 01:19

Updated : 2018-10-16 04:44


NVD link : CVE-2007-2506

Mitre link : CVE-2007-2506

Products Affected
No products.